A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.
Please note that the index value can't be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.
To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:
user@host> show system processes extensive | match "KMD|IKED"
This issue affects Junos OS on MX with SPC3, SRX Series:
* all versions before 23.2R2-S7,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S3,
* 24.4 versions before 24.4R2-S4,
* 25.2 versions before 25.2R1-S1.
References
| Link | Resource |
|---|---|
| https://supportportal.juniper.net/JSA110084 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
14 Jul 2026, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:* cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2-s6:*:*:*:*:*:* cpe:2.3:h:juniper:srx4120:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:25.2:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r1-s3:*:*:*:*:*:* cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:-:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2-s4:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2-s3:*:*:*:*:*:* cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r2-s1:*:*:*:*:*:* cpe:2.3:h:juniper:mx-spc3:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:25.2:-:*:*:*:*:*:* cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:* cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r2-s2:*:*:*:*:*:* cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s5:*:*:*:*:*:* cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r2-s1:*:*:*:*:*:* cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx400:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2-s5:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r1-s2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.4:r2-s3:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r2-s2:*:*:*:*:*:* cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:* cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:* cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:* cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:* cpe:2.3:o:juniper:junos:23.4:r2-s4:*:*:*:*:*:* cpe:2.3:h:juniper:srx440:-:*:*:*:*:*:*:* cpe:2.3:o:juniper:junos:24.2:r2:*:*:*:*:*:* |
|
| References | () https://supportportal.juniper.net/JSA110084 - Vendor Advisory | |
| First Time |
Juniper srx4100
Juniper srx4200 Juniper srx4700 Juniper srx4600 Juniper Juniper srx5800 Juniper srx400 Juniper srx1600 Juniper srx4120 Juniper srx5600 Juniper junos Juniper srx4300 Juniper mx480 Juniper mx240 Juniper srx5400 Juniper srx1500 Juniper srx345 Juniper srx320 Juniper mx960 Juniper srx2300 Juniper srx380 Juniper srx300 Juniper mx-spc3 Juniper srx440 Juniper srx340 |
09 Jul 2026, 22:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-09 22:17
Updated : 2026-07-14 15:16
NVD link : CVE-2026-57024
Mitre link : CVE-2026-57024
CVE.ORG link : CVE-2026-57024
JSON object : View
Products Affected
juniper
- srx4600
- srx1500
- srx320
- srx4200
- srx4120
- srx2300
- srx340
- junos
- srx400
- srx380
- srx345
- srx4100
- srx4300
- srx5600
- mx960
- mx-spc3
- srx300
- mx480
- srx440
- srx4700
- srx5800
- srx5400
- srx1600
- mx240
CWE
CWE-694
Use of Multiple Resources with Duplicate Identifier
